knowledge-locator
Warn
Audited by Gen Agent Trust Hub on Feb 27, 2026
Risk Level: MEDIUM (COMMAND_EXECUTION, PROMPT_INJECTION)
Full Analysis
- [COMMAND_EXECUTION]: The Troubleshooting section in SKILL.md advises users to 'run with appropriate privileges' in response to permission errors. This instruction can lead to unnecessary use of sudo or administrative rights for script execution, posing a risk of privilege escalation if the underlying scripts are compromised or behave unexpectedly.
- [PROMPT_INJECTION]: The skill facilitates 'Indirect Prompt Injection' (Category 8) by design. It ingests untrusted data from project directories (e.g., auth/) and PR review chambers (decisions, patterns, lessons) to surface information.
  - Ingestion points: palace_manager.py context-search and list-reviews.
  - Boundary markers: None identified in the provided documentation to distinguish retrieved content from system instructions.
  - Capability inventory: Executes local Python scripts (palace_manager.py) which interact with the file system.
  - Sanitization: No evidence of sanitization or escaping for the retrieved external data before it is presented to the agent.